METHOD AND APPARATUS FOR
PPPoE BRIDGING IN A ROUTING CMTS



BACKGROUND 



1. Field of the Invention

The present invention relates to cable network services and more particularly to a method
and apparatus for establishing a point-to-point connection with a terminal residing behind a routing
Cable Modem Termination System (CMTS) in a cable television network.

2. Description of Related Art 

The primary function of cable television networks is to transport television signals to cable
television subscribers. The transport of television signals enables subscribers to receive multiple
television programs from multiple broadcasters. The transport of television programs, however, is
networks offer. Cable Television Laboratories, a
consortium of cable television operators, has recently developed a set of standards for transporting
data over the cable network. Data-Over-Cable Service Interface Specification (DOCSIS) and
euro-DOCSIS (collectively referred to as "the DOCSIS standard") define system specifications to
facilitate the exchange of data over the cable network. DOCSIS offers cable television customers
high-speed data connectivity between terminals on and off the cable network.

DOCSIS defines the architecture for transporting data over the cable network. The
DOCSIS architecture may have five types of network elements: wide area networks (WAN), cable
networks, cable modems, routing Cable Modem Termination Systems (CMTSs), and terminals.
Each network element may be coupled together. For example, the WAN may be coupled to the
routing CMTS, the cable network may be coupled to the routing CMTS, and the cable modem may
be coupled to the cable network. Other arrangements, however, are also possible.




A WAN is a data network. Typically, it is an interconnect of terminals that exchange 
packets over a communications network. The cable network is also an interconnect of terminals. 
Like the WAN, the cable network may also enable terminals to exchange packets over the cable 
network. Unlike the WAN, it may also transport television signals. 



The routing CMTS may be an intermediate point of termination between the WAN and the
cable network. It may serve as an interface between the two networks. The function of the routing
CMTS may be to route downstream and upstream traffic between the cable network and the WAN.

"Downstream traffic" is packets directed to at least one cable modem coupled to the cable
network. The routing CMTS may regulate the downstream traffic by receiving packets from the
WAN and transmitting packets over the cable network to the at least one cable modem.

"Upstream traffic" is packets originating from at least one cable modem. The routing
CMTS may regulate the upstream traffic by allowing only one cable modem to transmit upstream
at a time. A cable modem wishing to transmit packets upstream may transmit a data request to the
routing CMTS. When a channel is available, the routing CMTS may grant the cable modem's data
request. The cable modem may then transmit its packets.

DOCSIS defines a seven layer protocol that network devices may conform to in order to
exchange packets over the cable television network. The seven layer protocol enables the products
of different manufacturers to inter-operate. Each layer of the protocol may perform a specific
function. For example, layers 1 to 3 deal with network access and layers 4 to 7 deal with
end-to-end communications between two or more terminals on the network.

Layers 2 and 3, the Data Link layer and Network layer, deal specifically with routing
packets over the cable network. The Data Link layer defines the procedures and protocols for
controlling access to a communication channel shared by two or more terminals. The Data Link
layer is comprised of two sub-layers. One of the sub-layers is called the MAC sub-layer. The
MAC sub-layer may control a terminal's access to the cable network. For example, it may use a
location-independent 48 bit MAC sub-layer address to route packets to a specific terminal. The
MAC sub-layer address is a unique address assigned to each terminal to facilitate the transport of
packets to the terminal.

The Network layer is one layer above the Data Link layer. Unlike the Data Link layer, the
Network layer defines the protocol for transmitting packets between physical networks. Each
physical network is assigned a unique 32 bit network layer address. The Network layer may use the
32 bit network layer address to route packets to the physical network on which a terminal is located.
Like the MAC sub-layer address, packets destined to a specific terminal may contain a network
layer address. Unlike the MAC sub-layer address, however, the network layer address may be
location-dependent. If a terminal is moved to a different network, the packets may use a different
network layer address in order to reach the terminal.

Operating together, the network layer address and MAC sub-layer address may enable a
network device to route packets to a specific terminal on the cable network. For example, a routing
CMTS may use the network layer address to route packets to the physical network on which the
terminal is located. A cable modem may use a MAC sub-layer address to receive packets
addressed to a specific terminal.

One advantage of using the MAC sub-layer address is that it may enable network devices to
shape data traffic to a terminal. Network devices may use the MAC sub-layer address to ensure
that terminals are guaranteed a specific level of service. For example, a network device may route
packets at a fixed rate to the terminal identified by the MAC sub-layer address. Therefore, along
with enabling the transport of data over the cable network, DOCSIS may enable the cable network
to provision services on a per-terminal basis.

Users, however, may not be satisfied with the provisioning of services on a per-terminal
basis. Users typically desire network services on a per-user basis. One way to provision services
on a per-user basis may be to establish a point-to-point connection between two or more terminals.
Request for Comments 2516 of the Internet Engineering Task Force (IETF) defines a protocol for
establishing a point-to-point connection over Ethernet (PPPoE). PPPoE enables a network to
identify a connection according to the users on it, rather than according to the physical terminals on
it. Therefore, the network may be able to allocate a particular bandwidth to a physical terminal
depending on the user logged onto the terminal.

PPPoE exchanges Ethernet frames during the point-to-point connection. The Ethernet
frame is a packet structure for transporting data on a Local Area Network (LAN). It typically
comprises a destination address (e.g. MAC sub-layer address) identifying the destination terminal
of the Ethernet frame and a payload field containing the data to be transported. As DOCSIS also
uses Ethernet frames to transport data, PPPoE may be implemented on a DOCSIS cable network.
The endpoints of the PPPoE connection, however, must reside in the same network. If a packet has
to cross another network, it passes through the routing CMTS. The routing CMTS may alter,
among other fields, the destination address of the Ethernet frame (e.g. to an intermediate network
device between the source and destination of the Ethernet frame) as it transports the Ethernet frame
from one network to another. PPPoE protocol requires that the destination address of an Ethernet
frame be the address of an endpoint to a PPPoE connection. Thus, the routing CMTS is
incompatible with PPPoE protocol.

The routing CMTS may have to act as a PPPoE termination server to enable PPPoE
between terminals not on the same network. It may terminate the PPPoE session at the routing
CMTS. Configuring a routing CMTS to act as a PPPoE termination server, however, detracts from
the routing CMTS's primary purpose of routing packets between networks.

SUMMARY OF THE INVENTION

The present invention addresses the problem associated with configuring a routing CMTS 
to act as a PPPoE termination server. The exemplary embodiments of the present invention 
describe a method and apparatus for establishing a PPPoE connection between endpoints on 
different networks. The present invention involves configuring a routing CMTS to bridge Ethernet
frames related to a PPPoE connection. Bridging makes the routing CMTS transparent to the
PPPoE connection. The destination address of the Ethernet frame is not altered as the Ethernet
frame passes through the routing CMTS.

According to one exemplary embodiment of the present invention, a routing CMTS may 
receive an Ethernet frame from a first terminal engaged in a PPPoE connection. It may then
transmit the Ethernet frame to a second terminal engaged in the PPPoE session. In the exemplary
embodiment, the routing CMTS does not alter the destination address of the Ethernet frame. Thus,
endpoints in different networks may establish a PPPoE session without having to configure the
routing CMTS to act as a PPPoE termination server.

According to another exemplary embodiment of the present invention, the routing CMTS
may receive an Ethernet frame from a first terminal. Then, the routing CMTS may locate an
Ether_Type field in the Ethernet frame. The Ether_Type may indicate whether the Ethernet frame
is related to a PPPoE connection. The routing CMTS may then compare a status code in the
Ether_Type field to a discovery code and a session code. If the status code in the Ether_Type field
matches the discovery code or session code, then the Ethernet frame is related to a PPPoE
connection. The routing CMTS may then transmit the Ethernet frame to a second terminal engaged
in a PPPoE session. The routing CMTS may not alter the destination address of the Ethernet frame.
If the Ethernet frames are unrelated to a PPPoE connection (e.g. status code does not match
discovery or session code), the routing CMTS may route the Ethernet frame. Thus, the routing
functionality of the routing CMTS is preserved.

In yet another exemplary embodiment of the present invention, the routing CMTS may 
serve as a non-invasive security firewall. The routing CMTS may receive an Ethernet frame from a 
first terminal. Then, the routing CMTS may locate an Ether_Type field and destination address.
The routing CMTS may then compare a status code in the Ether_Type to a discovery code and a
session code. If the status code in the Ether_Type field matches a discovery code, then the
destination address may be stored in the memory. The presence of a discovery code indicates that
the Ethernet frame is related to a PPPoE connection to be established. The routing CMTS may
store the destination address so as to keep a record of the terminals engaged in a PPPoE connection.
The routing CMTS may then transmit the Ethernet frame. The Ethernet frame is related to a PPPoE
connection. Thus, the routing CMTS may not alter the destination address of the Ethernet frame.

If the status code in the Ether_Type field matches the session phase code, then the routing
CMTS may compare the destination address in the Ethernet frame to a stored address in the
memory. The presence of a session code indicates that the Ethernet frame is related to an already
established PPPoE connection. Thus, if the destination address matches the stored address, then the
routing CMTS may then transmit the Ethernet frame to a second terminal engaged in a PPPoE
connection. It may not alter the destination address of the Ethernet frame. If the destination
address does not match the stored address, then the routing CMTS may discard the Ethernet frame.
The Ethernet frame is not related to a PPPoE session that the routing CMTS recognizes. In an
exemplary embodiment, the routing CMTS may act as a firewall and only permit Ethernet frames
destined to terminals engaged in a PPPoE connection to pass. Such a configuration may prevent
spoofing attacks.

This as well as other aspects and advantages of the present invention will become apparent
to those of ordinary skill in the art by reading the following detailed description, with appropriate
reference to the accompanying drawings.

BRIEF DESCRIPTION OF THE DRAWINGS

Exemplary embodiments of the present invention are described herein with reference to the 
drawings, in which: 

Figure 1 illustrates the architecture of a cable network conforming to Data Over Cable
System Interface Specification (DOCSIS);

Figure 2 illustrates the structure of a Cable Modem Termination System (CMTS);

Figure 3 illustrates the syntax of an Ethernet frame;

Figure 4 illustrates the exchange of Ethernet frames during discovery phase
communications between a host and peer residing in the DOCSIS network;

Figure 5 illustrates the operation of a bridging CMTS in accordance with an exemplary
embodiment of the present invention;

Figure 6 illustrates the operation of a selective bridging CMTS in accordance with an
exemplary embodiment of the present invention; and

Figure 7 illustrates the operation of a security CMTS in accordance with an exemplary
embodiment of the present invention.



MCDONNELL BOEHNEN 
HULBERT & BERGHOFF 
300 SOUTH WACKER DRIVE 
CHICAGO, ILLINOIS 60606 
TELEPHONE (312) 913-0001



DETAILED DESCRIPTION 
OF EXEMPLARY EMBODIMENT 

1. Exemplary Network Architecture

Referring to the drawings, Figure 1 illustrates a simplified diagram of the architecture of a
DOCSIS network. This and other arrangements described herein are shown for purposes of
illustration only.

Those skilled in the art will appreciate that other network architectures may be used instead, 
additional elements may be added to these architectures, and some elements may be omitted 
altogether. Further, as in most network architectures, those skilled in the art will appreciate that
many of the elements described herein are functional entities that may be implemented as discrete
components or in conjunction with other components in any suitable combination and location.

Still further, various functions described herein may be carried out by a processor
programmed to execute computer instructions. Provided with the present disclosure, those skilled
in the art can readily prepare appropriate computer instructions to perform such functions.

Referring to Figure 1, the DOCSIS architecture may have five types of network elements:
wide area networks (WANs) 12, cable networks 16, cable modems 18, terminals 19, and routing
cable modem termination systems (CMTSs) 14. The DOCSIS cable network may have at least one
of each type of network element, each coupled to another network element. For example, the WAN
12 may be coupled to the routing CMTS 14, the cable network 16 may be coupled to the routing
CMTS 14, and the cable modem 18 may be coupled to the cable network 18 and to the terminal 19.
Other arrangements are also possible.

The terminals on the WAN 12 and cable network 16 may each be a device (e.g. computer, 
server) or a collection of devices. The WAN 12 and cable network 16 typically comprise terminals 
networked together and capable of communicating with each other. The WAN 12 may be a network
for transporting data and the cable network 16 may be a network for transporting data and video
signals. The cable modem 18 interfaces the terminal 19 to the cable network 16. It receives
packets from the cable network 16 addressed to the terminal 19 to which it is connected and
transmits packets onto the cable network 16 from the terminal 19 to which it is connected. Other
arrangements are also possible.

The routing CMTS 14 may route packets between the WAN 12 and cable network 16. It
may operate at the Network layer and interface the cable network 16 to external data networks. The
routing CMTS comprises a routing engine. The routing engine intelligently transports packets from
one network to another. It may use a network layer address and MAC sub-layer address to
transport packets from a source to a destination according to the shortest path, for example.

Figure 2 illustrates the architecture of a routing CMTS. The routing CMTS may comprise a
processor 20 coupled to a memory circuit 22, a modulator 24, a demodulator 26, and a network
terminator 28. The processor 20 may be a programmable device that controls the operations on the
routing CMTS. For example, the processor 20, in conjunction with the modulator 24, may convert
digital signals received from the WAN 12 (Figure 1) into equivalent analog signals for transmission
over the cable network 16 (Figure 1). Similarly, the processor 20, in conjunction with a
demodulator 26, may convert analog signals received from the cable network 16 into equivalent
digital signals for transmission over the WAN 12. Thus, the modulator may be a transmitter for
transmitting packets over the cable network and the demodulator may be a receiver for receiving
packets from the cable network.

Unlike the modulator and demodulator, the network terminator 28 may define the interface
between the WAN 12 and the routing CMTS 14 (Figure 1). It may be the point where the cable
network provider's services begin and end. The network terminator 28 may also comprise a
receiver and transmitter. The receiver may receive packets from the WAN 12 and the transmitter
may transmit packets to the WAN 12. As the WAN 12 may be a digital network, the receiver and
transmitter may transmit and receive digital signals. Other arrangements are also possible.

2. Point-to-Point over Ethernet

Typically, the packets that the DOCSIS network transports are called frames. The frames 
may comprise a header field for addressing information and a payload field for data. The MAC
sub-layer address may be part of the header field. The MAC sub-layer address may identify the
specific terminal to which the data is destined. One advantage of using a frame containing a MAC
sub-layer address is that it simplifies the transport of packets to a terminal. The frame's
destination is in accordance with the MAC sub-layer address in the frame. One disadvantage of
using a MAC sub-layer address is that the network may not be able to provision services at the
user-specific level. The MAC sub-layer address may only enable the network to discriminate
among physical terminals.

Request for Comments 2516 of the Internet Engineering Task Force, the contents of which
are incorporated by reference herein, specifies a protocol for establishing a point-to-point connection
over Ethernet (PPPoE). PPPoE enables two points to identify and authenticate each other
according to the user logged into a terminal. Hence, a network using PPPoE may be able to
provision services at a user-specific level. For example, user A and user B at the same computer
terminal may establish two different PPPoE sessions and two different levels of service. User A may
be guaranteed a certain level of bandwidth while user B may not.

PPPoE is a frame-based transport protocol. As the structure of the frame in PPPoE may be
identical to that in DOCSIS, PPPoE may be integrated into the DOCSIS standard. Therefore, a
DOCSIS cable network may be configured to provide network services on a per-user basis.

A. Structure of an Ethernet frame

The Ethernet frame is a data structure that PPPoE may use to transport data during a PPPoE
connection. The Ethernet frame may comprise information for establishing and maintaining a
PPPoE connection. Figure 3 illustrates the structure of a typical Ethernet frame. The Ethernet
frame may have at least 5 fields. Other arrangements, however, are also possible.

The Ethernet frame comprises 14 bytes of header fields and up to 1500 bytes of payload
data. The first field may be a six byte destination address 30. The destination address 30 may be a
unique MAC sub-layer address that identifies the destination terminal of the Ethernet frame.
Alternatively, the destination address may be a broadcast address (e.g. 0xFFFFFFFF) that indicates
that all terminals are to receive the Ethernet frame. PPPoE protocol requires that the destination
address of an Ethernet frame always contain the address of an endpoint to the PPPoE connection.

The second field may be a source address 32. The source address 32, also 6 bytes, may be a
unique MAC sub-layer address identifying the source of the Ethernet frame. The third field may be
an Ether_Type field 34. The Ether_Type field 34 may be a 2 byte field containing the status of the
PPP session. There may be two phases to a PPPoE session: a Discovery phase and Session phase.
During Discovery phase, the Ether_Type field 34 may be set to a discovery code, e.g. 0x8863.
During Session phase, the Ether_Type field 34 may be set to a session code, e.g. 0x8864. Other
codes are also possible.

The fourth field of the Ethernet frame may be a payload field 36. The payload field 36 may
contain up to 1500 bytes of data to be transported over the network. The initial bytes of the payload
field 36 may be specifically set to indicate that the Ethernet frame contains data related to a PPPoE
connection. For example, the payload field may contain a session identifier 40 (session ID). The
session ID 40 may be a 16 bit field that identifies a specific PPPoE session. Each user establishing
a PPPoE session on the cable network may have his own session identifier. Other arrangements,
however, are possible for identifying the PPPoE connections.

The fifth and final field of the Ethernet frame of Figure 3 may be a checksum field 38. The
checksum field 38 may be used for error detection. It may also have additional functions (e.g. error
correction).

B. Establishing a PPPoE Connection 

The start of a PPPoE session typically requires a host and peer (e.g. two endpoints of the
PPPoE session) to exchange Ethernet frames. The exchange of frames enables the host and peer to
identify each other and select a session ID. The terminals engaged in a PPPoE connection are
typically programmed with PPPoE protocol to establish a PPPoE connection. Therefore, terminals
on a DOCSIS network may be programmed with PPPoE protocol to enable PPPoE over the cable
network.

There are typically two phases to establishing a PPPoE connection. The first phase may be
a Discovery phase. The purpose of the Discovery phase may be for the host and the peer to
exchange MAC sub-layer addresses and to select a session ID. The second phase may be a Session
phase. The purpose of the Session phase may be for the host and peer to initiate a PPPoE session.

Figure 4 illustrates a typical exchange of Ethernet frames during the Discovery phase.
Other arrangements are also possible.

The Discovery phase typically begins, at step 46, with a host 42 sending a PPPoE Active 
Discovery Initiation frame (PADI) to a peer 44. The PADI is a request by a host 42 to initiate a
PPPoE session with a peer 44. The PADI may have the destination address set to a broadcast
address so that any peer 44 (e.g. a server) may respond to the host's request.

If the peer 44 receives the PADI and wishes to serve the host 42, it may respond, at step 48, 
by sending a PPPoE Discovery Offer (PADO) frame. The destination address may be set to the
address of the host 42 that sent the PADI. The payload of the PADO may contain the MAC
sub-layer address of the peer 44 that is responding. As the host 42 may receive more than one PADO,
the host 42 may select the peer 44 with which it wishes to establish a PPPoE session. It may
consider information it may have on the specific peer 44, for example, the capabilities and services
of the peer. The host 42 may respond to the peer 44 selected by sending, at step 50, a PPPoE
Active Discovery Request (PADR) frame. Upon receipt, the peer 44 may generate a unique session
identifier (session ID) and exchange it with the host 42. The session ID may identify the specific
PPPoE connection between the host 42 and peer 44.

Once the host 42 and the peer 44 have successfully identified each other (e.g. exchanged 
session IDs), the two devices may enter the Session stage. They may establish a point-to-point
connection (identified by the session ID) and begin exchanging Ethernet frames according to a
specific level of service.

The session ID typically carries the advantages of PPPoE. The session ID may be used to
identify every Ethernet frame that belongs to a particular PPPoE session and the particular users
associated with the PPPoE connection. The network may use the session ID to provision network
services at the user-specific level, rather than at the terminal level.
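The Discovery exchange and the session ID check described above, as an added example that is not part of the patent text: it replays a constructed capture, learns the session ID from discovery, and flags Session-phase frames that carry a different ID. The 6-byte PPPoE header layout, the CODE values and the PADS confirmation frame come from RFC 2516 rather than from this page; the MAC addresses, function names and capture are assumptions made here.

```python
import struct

DISCOVERY_CODE, SESSION_CODE = 0x8863, 0x8864   # Ether_Type values given in the text
BROADCAST = b"\xff" * 6
# PPPoE CODE values from RFC 2516 (the text names the frames, not the codes)
PADI, PADO, PADR, PADS, DATA = 0x09, 0x07, 0x19, 0x65, 0x00
# dst, src, Ether_Type, then PPPoE VER/TYPE, CODE, SESSION_ID, LENGTH
HDR = struct.Struct("!6s6sHBBHH")


def build(dst, src, ether_type, code, session_id=0, body=b""):
    """Assemble an Ethernet header followed by the PPPoE header and body."""
    return HDR.pack(dst, src, ether_type, 0x11, code, session_id, len(body)) + body


def parse(frame):
    """Return (dst, src, ether_type, code, session_id) or raise ValueError."""
    if len(frame) < HDR.size:
        raise ValueError("frame too short for a PPPoE header")
    dst, src, ether_type, ver_type, code, session_id, length = HDR.unpack_from(frame)
    if ether_type not in (DISCOVERY_CODE, SESSION_CODE):
        raise ValueError("not a PPPoE frame")
    if ver_type != 0x11:
        raise ValueError("unsupported PPPoE version/type")
    if length > len(frame) - HDR.size:
        raise ValueError("PPPoE length exceeds the bytes present")
    return dst, src, ether_type, code, session_id


def follow(frames):
    """Replay frames in order.

    Returns (sessions, rejected): sessions maps (host, peer) to the session ID
    agreed in discovery; rejected lists the indexes of frames that do not fit.
    """
    soliciting, offers, requested, sessions, rejected = set(), {}, {}, {}, []
    for index, raw in enumerate(frames):
        try:
            dst, src, ether_type, code, sid = parse(raw)
        except ValueError:
            rejected.append(index)
            continue
        ok = False
        if ether_type == SESSION_CODE:
            # Session frames must carry the ID agreed between these two endpoints.
            agreed = sessions.get((src, dst)) or sessions.get((dst, src))
            ok = code == DATA and sid == agreed
        elif code == PADI and dst == BROADCAST:
            soliciting.add(src)                      # host asks any peer
            ok = True
        elif code == PADO and dst in soliciting:
            offers.setdefault(dst, set()).add(src)   # peer offers itself to the host
            ok = True
        elif code == PADR and dst in offers.get(src, ()):
            requested[src] = dst                     # host selects one offering peer
            ok = True
        elif code == PADS and sid != 0 and requested.get(dst) == src:
            sessions[(dst, src)] = sid               # peer hands out the session ID
            ok = True
        if not ok:
            rejected.append(index)
    return sessions, rejected


# Constructed MAC addresses and capture (not real traffic).
HOST = bytes.fromhex("020000000001")
PEER = bytes.fromhex("020000000002")
OTHER = bytes.fromhex("020000000003")
LCP = b"\xc0\x21"   # PPP protocol field for LCP, used as a minimal session payload

CAPTURE = [
    build(BROADCAST, HOST, DISCOVERY_CODE, PADI),
    build(HOST, PEER, DISCOVERY_CODE, PADO),
    build(PEER, HOST, DISCOVERY_CODE, PADR),
    build(HOST, PEER, DISCOVERY_CODE, PADS, session_id=0x0011),
    build(PEER, HOST, SESSION_CODE, DATA, 0x0011, LCP),   # host to peer
    build(HOST, PEER, SESSION_CODE, DATA, 0x0011, LCP),   # peer to host
    build(PEER, HOST, SESSION_CODE, DATA, 0x0042, LCP),   # ID never agreed
    build(HOST, OTHER, DISCOVERY_CODE, PADS, session_id=0x0099),  # PADS nobody requested
]

if __name__ == "__main__":
    sessions, rejected = follow(CAPTURE)
    for (host, peer), sid in sessions.items():
        print(f"{host.hex()} <-> {peer.hex()} session 0x{sid:04x}")
    print("rejected frame indexes:", rejected)
```
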

One type of user-specific service that the session ID may enable is bandwidth allocation. A
network entity may use the session ID to shape the traffic sent and received by specific users engaged
in a PPPoE session. For example, if user A logs into a terminal and establishes a PPPoE session,
user A may be assigned a unique session ID. If user A is paying for some guaranteed data rate, a
network entity may shape the traffic associated with user A's session ID according to his level of
service. If at a later time, user B sits at the same computer and logs in under a different account
(e.g. by presenting a different username/password pair), user B may receive a separate session ID.
If user B is paying only for a best-effort service, with no bandwidth guarantees, the network entity
may apply the appropriate bandwidth management techniques to Ethernet frames with user B's
session ID to match user B's level of service. Therefore, the session ID of PPPoE enables a
network to provision services at a user-specific level.

3. PPPoE in Cable Networks

PPPoE is an IETF standard designed to connect a host and peer together in the same LAN. 
If a host and peer are on different networks, then the Ethernet frames that they exchange would pass
through a routing device. A routing device may transport Ethernet frames between networks. Part
of the routing process may include transmitting Ethernet frames to an intermediate network device.
Thus, the routing device may alter the destination address of the Ethernet frame. As PPPoE
requires that the destination address of an Ethernet frame be the address of one endpoint to the
PPPoE connection, PPPoE is incompatible with the function of routers.

The routing CMTS of a DOCSIS network is a routing device. Thus, to enable terminals on
different networks to establish a PPPoE connection, the routing CMTS may be configured to act as
a PPPoE termination server. The PPPoE termination server acts like a peer to a PPPoE session. It
may terminate the PPPoE connection in the same network as the host.

Configuring a routing CMTS as a PPPoE termination server, however, is not a very
efficient solution. First, there are a number of routing CMTSs deployed in a network. If each
routing CMTS acts as a PPPoE termination server, the operator would need to collect and collate
data from each routing CMTS in order to obtain meaningful accounting and billing data. Second,
servers are built specifically for the purpose of PPPoE termination. These highly specialized
servers come with a full range of options and features that would have to be duplicated at the
routing CMTS in order to match the functionality of dedicated PPPoE termination servers. Third,
some operators already have PPPoE termination servers. They would like to continue using the
servers they have, rather than configuring routing CMTSs as PPPoE termination servers. Fourth,
the computational processing associated with providing PPPoE termination at the routing CMTS
would detract from a router's primary purpose, the forwarding and routing of packets between
networks.

Therefore, in exemplary embodiments of the present invention, a routing CMTS may be 
configured to bridge Ethernet frames related to a PPPoE connection. Bridging is the process of 
transporting an Ethernet frame without altering (among other fields) its destination address.
Configuring the routing CMTS to bridge Ethernet frames avoids the problem of configuring the
routing CMTS to act like a PPPoE termination server. Those skilled in the art can readily prepare
appropriate computer instructions to perform the required functions consistent with the exemplary
embodiment of the present invention.

A. Bridging CMTS

Figure 5 illustrates a step-by-step operation of an exemplary embodiment of the present
invention. The routing CMTS may be configured to bridge Ethernet frames, including those that
are related to a PPPoE connection. The exemplary embodiment is herein referred to as a bridging
CMTS. The bridging CMTS may bridge an Ethernet frame to/from the cable network and to/from
the WAN to enable PPPoE over the cable network.

In the bridging CMTS, a step 52 may be for a receiver to receive an Ethernet frame. Then,
a step 54 of the bridging CMTS may be for a transmitter to transmit the Ethernet frame. The
destination where the bridging CMTS may transmit the Ethernet frame may be the terminal
identified by the destination address in the Ethernet frame when it was received. Thus, the bridging
CMTS may transmit the Ethernet frame to a second terminal engaged in the PPPoE connection if
the Ethernet frame is related to a PPPoE connection. The bridging CMTS facilitates PPPoE
connections between terminals on different networks because it does not alter the destination
address. The Ethernet frame retains the address of the second terminal engaged in the PPPoE
connection.

B. Selective Bridging CMTS

A routing CMTS configured to route Ethernet frames operates more efficiently than a 
routing CMTS configured to bridge Ethernet frames. The routing CMTS may transport an Ethernet 
packet from a source to destination by minimizing a given criteria (e.g. shortest path, minimum 
delay). Therefore, in another exemplary embodiment of the present invention, a routing CMTS
may be configured to selectively bridge some Ethernet frames and route other Ethernet frames.
Again, those skilled in the art can readily prepare appropriate instructions (e.g. software) to perform
the required functions consistent with the exemplary embodiment of the present invention.

Figure 6 illustrates the step-by-step operation of the routing CMTS configured to selectively 
bridge Ethernet frames. The routing CMTS configured in such a manner is herein referred to as
a selective bridging CMTS. The selective bridging CMTS may treat Ethernet frames related to a
PPPoE connection differently from those not related to a PPPoE connection. Specifically, the
selective bridging CMTS may bridge Ethernet frames related to a PPPoE connection and route
other Ethernet frames. Thus, a first step may be to determine if an Ethernet frame is related to a
PPPoE connection.

At step 56, a receiver on the selective bridging CMTS may receive an Ethernet frame from
a first terminal. Then, a step 58 may be for the selective bridging CMTS to store the Ethernet
frame in a memory (e.g. RAM). A step 60 may be to locate an Ether_Type field in the Ethernet
frame, for example, by parsing the contents in the Ethernet frame.

A step 62 may be to compare a status code in the Ether_Type field of the Ethernet frame to
a discovery code (e.g. 0x8863) and session code (e.g. 0x8864). If the status code in the Ether_Type
field matches a discovery code or session code, then the Ethernet frame may be related to a PPPoE
connection (e.g. discovery or session phase). A step 64 may be for a transmitter to transmit the
Ethernet frame in the memory to a second terminal engaged in a PPPoE connection. In
transmitting the Ethernet frame, the selective bridging CMTS may not alter the destination address
of the Ethernet frame. Thus, the selective bridging CMTS enables terminals on different networks
to engage in a PPPoE connection.

If the status code in the Ether_Type field does not match the discovery code or session code, then
the Ethernet frame may not be related to a PPPoE session. At step 66, the selective bridging CMTS
may route the Ethernet frame. The selective bridging CMTS may act as a router when the Ethernet
frame is not related to a PPPoE connection so as to efficiently route Ethernet frames from a source
to a destination.

One advantage of the selective bridging CMTS is that it enables PPPoE to work outside a
single network without reconfiguring the router to operate in a pure bridge mode. Furthermore, it
enables routers to be placed between PPPoE hosts and peers, without the need for routers to
terminate the PPPoE session. With selective bridging, the network operator may continue to use
routers instead of bridges, but at the same time enable PPPoE on its network.

C. Security CMTS

A further advantage of the selective bridging CMTS is that it may keep track of PPPoE
connections between terminals. The CMTS may use such information to maintain network
security. In yet another exemplary embodiment of the present invention, the routing CMTS may be
configured to keep state information on the exchange between a host and peer in a PPPoE session
so as to perform security functions.

Figure 7 illustrates a step-by-step operation of the exemplary embodiment of the present
invention. The routing CMTS may be configured to bridge Ethernet frames destined to terminals
behind the routing CMTS (e.g. on the cable network) that are engaged in a PPPoE connection. The
exemplary embodiment is herein referred to as a security CMTS. A function of the security CMTS
may be to act as a non-invasive security firewall to prevent spoofing attacks.

The security CMTS may operate similarly to the selective bridging CMTS. Specifically, it
may distinguish Ethernet frames related to a PPPoE connection from those that are not related. The
security CMTS may differ from the selective bridging CMTS in that it records the destination
addresses of terminals engaged in PPPoE connections. It only bridges those Ethernet frames
destined to terminals engaged in a PPPoE connection.

In the security CMTS, a step 84 may be for a receiver on the security CMTS to receive an
Ethernet frame from a first network. A step 86 may be to store the Ethernet frame in a memory
(e.g. RAM). A step 88 may be to locate an Ether_Type field and destination address in the Ethernet
frame, for example, by parsing the contents of the Ethernet frame. The purpose may be to examine
the Ether_Type field to determine whether the Ethernet frame is related to a PPPoE connection.

A step 68 may be to compare a status code in the Ether_Type field to a discovery code (e.g.
0x8863) or session code (e.g. 0x8864). If the status code in the Ether_Type field matches a
discovery code, then the Ethernet frame may be related to a PPPoE connection (e.g. discovery
phase). A step 70 may be to store the destination address of the Ethernet frame in the memory, for
example in a stored list. The presence of the discovery code indicates that the Ethernet frame is
related to a PPPoE connection to be established. The security CMTS may store the address so as to
keep a record of the terminals engaged in a PPPoE connection.

As a step 72, a transmitter may then transmit the Ethernet frame to a second terminal
engaged in a PPPoE connection. The Ethernet frame is related to a PPPoE connection. Thus, the
security CMTS may not alter the destination address of the Ethernet frame.

If the status code in the Ether_Type field matches a session code, a step 76 may be to
determine if the destination address matches an address in the stored list. If so, a step 78 may be for
the transmitter to transmit the Ethernet frame to a second terminal engaged in a PPPoE connection.
The Ethernet frame may be related to a recognized PPPoE session (because the address matches a
PPPoE connection recorded during discovery phase). Thus, the destination address of the Ethernet
frame may not be altered.

If the Ethernet frame address does not match the stored address, then a step 80 may be to
discard (e.g. not transmit) the Ethernet frame. Only those Ethernet frames with an Ethernet frame
address corresponding to a host or peer on the cable network engaged in a PPPoE connection may
be bridged. If the Ether_Type field does not match the discovery code or session code, then a step
82 may be to also discard the Ethernet frame. The Ethernet frame may not be related to a PPPoE
connection if the Ether_Type field does not match either code.
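
The forwarding decisions of Figure 6 (selective bridging) and Figure 7 (security CMTS) described above, written out in C as an added example that is not part of the patent text. It assumes untagged Ethernet II frames; all function names, `MAX_PEERS`, and the handling of too-short frames and a full list are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define PPPOE_DISCOVERY 0x8863   /* discovery code given in the text */
#define PPPOE_SESSION   0x8864   /* session code given in the text */
#define MAX_PEERS 64             /* assumed bound on the stored list */
enum verdict { BRIDGE, ROUTE, DISCARD };
struct peer_list { uint8_t mac[MAX_PEERS][6]; size_t n; };
/* Steps 60/88: locate Ether_Type (bytes 12..13); -1 if the frame is too short. */
static int ether_type(const uint8_t *f, size_t len) {
    return len < 14 ? -1 : (f[12] << 8) | f[13];
}
static int in_list(const struct peer_list *pl, const uint8_t *mac) {
    for (size_t i = 0; i < pl->n; i++)
        if (memcmp(pl->mac[i], mac, 6) == 0) return 1;
    return 0;
}
/* Figure 6: bridge PPPoE frames unchanged (step 64), route the rest (step 66). */
enum verdict selective_bridge(const uint8_t *f, size_t len) {
    int t = ether_type(f, len);
    if (t < 0) return DISCARD;               /* assumption: drop runt frames */
    return (t == PPPOE_DISCOVERY || t == PPPOE_SESSION) ? BRIDGE : ROUTE;
}
/* Figure 7: the destination address is bytes 0..5 of the frame. */
enum verdict security_cmts(struct peer_list *pl, const uint8_t *f, size_t len) {
    int t = ether_type(f, len);
    if (t != PPPOE_DISCOVERY && t != PPPOE_SESSION) return DISCARD; /* step 82 */
    if (in_list(pl, f)) return BRIDGE;       /* known destination: steps 72, 78 */
    if (t == PPPOE_SESSION) return DISCARD;  /* step 80: never seen in discovery */
    if (pl->n == MAX_PEERS) return DISCARD;  /* assumption: list full, drop */
    memcpy(pl->mac[pl->n++], f, 6);          /* step 70: record destination */
    return BRIDGE;                           /* step 72 */
}
/* Constructed sample frame: destination, zeroed source, Ether_Type, no payload. */
void make_frame(uint8_t f[14], const uint8_t dst[6], uint16_t type) {
    memset(f, 0, 14);
    memcpy(f, dst, 6);
    f[12] = (uint8_t)(type >> 8); f[13] = (uint8_t)type;
}
int main(void) {   /* session, discovery, session to one constructed address */
    const uint8_t peer[6] = {0x02, 0, 0, 0, 0, 0x01};
    const uint16_t seq[3] = {PPPOE_SESSION, PPPOE_DISCOVERY, PPPOE_SESSION};
    struct peer_list pl = {0};
    uint8_t f[14];
    for (int i = 0; i < 3; i++) {
        make_frame(f, peer, seq[i]);
        printf("0x%04x -> %d\n", (unsigned)seq[i], security_cmts(&pl, f, 14));
    }
}
```

A PPPoE PADI is sent to the Ethernet broadcast address, so step 70 as written would also record ff:ff:ff:ff:ff:ff. The text describes neither a unicast-only filter nor removal of stale entries, and this example adds neither.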

Exemplary embodiments of the present invention have thus been illustrated and described.
It will be understood, however, that changes and modifications may be made to the invention, as
described, without deviating from the spirit and scope of the invention, as defined by the following
claims.